Bank of Ireland has been fined €1.6m by the Central Bank, after it failing to report an incident of online fraud to Gardaí in 2014.
In September 2014, Bank of Ireland paid €106,000 to an account in the UK after taking instructions from a fraudster impersonating a client.
The transfer was made by a fraudster who had hacked the client's email account.
To allow this to happen, bank staff handed over confidential details following an email request, while they didn't ask security questions to verify the person's identity, or notice that the fraudster signed off their email with a different name to the client.
The client later contacted the bank about the fraud, and was reimbursed their money.
The Central Bank discovered the incident a year later, and an investigation found serious deficiencies in how Bank of Ireland handled third party payments.
A lack of transparency about the incident also had the effect of misleading its investigation.
Bank of Ireland started marking the appropriate adjustments to its processes 17 months after the incident occurred, and only after the Central Bank's intervention, which it says was another aggravating factor in the case.
In a press release issued today, the bank reiterated a public apology for the indiscretion.
"Bank of Ireland regrets the circumstances of this incident and the weaknesses in internal controls and procedures that it highlighted. As soon as the Bank became aware of the issue we ensured that the customer involved was fully reimbursed.
"Bank of Ireland also regrets the approach to this investigation. All relevant information should have been disclosed to the Central Bank of Ireland from the outset, and the matter should have been reported to all relevant authorities.
"The Bank has apologised to the customer involved and to the Central Bank."